mbedtls_x509_crt_info calls mbedtls_x509_key_size_helper with buffer that's too small #4894

@dannybackx

Summary

System information

Mbed TLS version (number or commit id): current svn (observed in esp32 esp-idf-v4.3)
Operating system and version: esp-idf-v4.3 FreeRTOS
Configuration (if not default, please attach mbedtls_config.h): N/A
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): xtensa-esp32-elf-gcc (crosstool-ng-1.22.0-80-g6c4433a 5.2.0)
Additional environment information:

Expected behavior

When you pass an invalid PK to mbedtls_x509_crt_info() it will call mbedtls_x509_key_size_helper on line 2132 with parameter "invalid PK".
Together with the hardcoded string in mbedtls_x509_key_size_helper, this doesn't fit in the 18 char buffer as specified. It does work with 20, so suggested fix:

hp: {35} diff library/x509_crt.c.orig library/x509_crt.c
2069,2070c2069,2070
< #define BEFORE_COLON 18
< #define BC "18"

#define BEFORE_COLON 20
#define BC "20"
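Review bot: the changed pair of defines states the same width twice, once as the number BEFORE_COLON and once as the string BC, and the new value 20 is still a hand-picked constant. Please add a comment beside them saying which label the width has to fit (here the "invalid PK" name plus the text mbedtls_x509_key_size_helper appends) and that both defines must change together. A test that calls mbedtls_x509_crt_info() with an invalid PK would also catch a longer name before it returns MBEDTLS_ERR_X509_BUFFER_TOO_SMALL at run time.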

Actual behavior

E (12:43:37.191) JSONServer: mbedtls_x509_crt_info -> -10624
(this is MBEDTLS_ERR_X509_BUFFER_TOO_SMALL)

Steps to reproduce

Additional information
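The size arithmetic behind the report, as an added example that is not part of the original issue and is not Mbed TLS code. It assumes the helper formats its label as "<name> key size"; `key_size_label`, `required_label_size` and the name list are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value reported in the issue: MBEDTLS_ERR_X509_BUFFER_TOO_SMALL is -0x2980 (-10624). */
#define ERR_BUFFER_TOO_SMALL (-0x2980)

/* Hypothetical stand-in for mbedtls_x509_key_size_helper(): formats
 * "<name> key size" (assumed format) and reports truncation as an
 * error instead of silently cutting the label. */
static int key_size_label(char *buf, size_t buf_size, const char *name)
{
    int ret = snprintf(buf, buf_size, "%s key size", name);
    if (ret < 0 || (size_t) ret >= buf_size)
        return ERR_BUFFER_TOO_SMALL;
    return 0;
}

/* Smallest buffer, terminating NUL included, that fits every name in the list. */
static size_t required_label_size(const char *const *names, size_t count)
{
    size_t need = 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]) + strlen(" key size") + 1;
        if (n > need)
            need = n;
    }
    return need;
}

/* Constructed sample: a few key type names plus the "invalid PK" fallback from the issue. */
static const char *const sample_names[] = { "RSA", "EC", "ECDSA", "RSA-alt", "invalid PK" };
#define SAMPLE_COUNT (sizeof(sample_names) / sizeof(sample_names[0]))

int main(void)
{
    char old_buf[18], new_buf[20];
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        printf("%-10s  18 -> %6d   20 -> %6d\n", sample_names[i],
               key_size_label(old_buf, sizeof(old_buf), sample_names[i]),
               key_size_label(new_buf, sizeof(new_buf), sample_names[i]));
    printf("minimum buffer: %zu bytes\n",
           required_label_size(sample_names, SAMPLE_COUNT));
    return 0;
}
```

Deriving the width from the longest name, or asserting it at build time, keeps the buffer from going stale when a new name is added.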
